Cybersecurity Insurance: What Is It and Do I Need It?

One hundred percent of businesses are at risk of cybercrime and no business can mitigate their risk completely. Cybercriminals are becoming more creative and more resourceful, and are consistently finding new ways to hack into systems to jeopardize businesses. A single breach of an unprotected company system can result, and has resulted, in millions of dollars of losses. But the situation isn’t entirely grim and there are ways to lower risk for these scenarios. At Firefly, we take the threat of cybercrime very seriously and are providing more and more resources to help inform, educate, and provide guidance to minimize these risks. We lead our clients through defensive controls such as setting up multi-factor authentication on their applications, helping with employee training on cybercrime, and many other defensive controls. We consistently ask ourselves the question, “What else can we do to protect our clients and prospective clients from these risks?”

One additional area that can help insulate us against the potential repercussions of cybercrime is cybersecurity insurance. Cybersecurity insurance, while extremely important, isn’t a way to eliminate all other responsibilities related to cybercrime but rather an extra safety net if all else fails. However, it is rather complex and after speaking with our partner, Joseph Brunsman, VP and CCO of Chesapeake Professional Liability Brokers, we aim to share some of the high-level nuances of cybersecurity insurance with you today. Joseph has written the book on cybersecurity…or rather, three of them! He’s a speaker and a subject matter expert on cybersecurity, cyber law, and cyber insurance. He shared with us recently in a webinar some of his wisdom around cybersecurity insurance, how to know when you need it, and factors to consider when purchasing a policy.

What is cybersecurity insurance?
Before we dive into what needs exist for cybersecurity insurance, let’s level set on what it actually is. For businesses that have general liability or property insurance policies, cyber coverage isn’t typically included. With cybercrime on the rise, stand-alone policies have been specifically created for cybersecurity risks. According to the Cybersecurity & Infrastructure Security Agency (CISA), cybersecurity insurance is insurance designed to “mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.” 

Cybersecurity insurance is not an umbrella that protects businesses from every cybersecurity storm, though. Other precautionary measures should be taken alongside the cybersecurity insurance policy, which acts as a safeguard, to continue lowering the risk of loss. Many policies even set certain requirements that must be met for insurance claims to be approved. A business’s IT team or managed service provider (MSP) can help with these requirements to ensure the business is in compliance with the policy.

How do I know if I need cybersecurity insurance? 
While insurance in any realm is one area where the buyer and the seller don’t actually want the policy to be used, there are some nuances to cybersecurity insurance that make it a bit more complicated than typical policies in evaluating needs. There are over 200 cybersecurity insurance policies in existence and they are all unique, just like businesses are unique. No two businesses have the same needs but all businesses should explore the need with a licensed cybersecurity broker or agent. 

Working out which specific policy you need, or don’t need, involves exploring the fundamentals of a policy, your business needs, and an analysis of the policy language. Given the newness of this industry, the language between policies is not always standard. A definition in one policy might not mean the same thing in another policy. When evaluating which policy is right for a business, it is very important to have a working knowledge of what is covered.

A cybersecurity insurance agent will be able to work with you to understand what your potential losses could be and how insurance companies would respond to claims or potential losses. Your agent can also help you understand the policy requirements you need to follow to be in compliance so that if there is an issue, the claim will be approved.

Once I have my policy in place, how can I best prepare for a cybersecurity event?
You’ll want to be much more diligent in understanding the cybersecurity policy than other insurance policies. Have a working knowledge of the policy and be aware of what is covered. As you have covered with your agent, make sure you’re aware of what you’re responsible for, both legally and under the policy, and that you are keeping those requirements fulfilled.

Keep your cybersecurity “house” in order and develop a cybersecurity response plan with detailed information on roles and responsibilities, communication plans, and reactive crisis management if something should occur. Have all of your contact information and your plan digitally and tangibly stored for easy access. If computers aren’t available, it will be important to be able to access your plan.  

Where can I go for help?
With such high risks at stake, take action now to protect your business. This includes working with your IT team or managed service provider, like Firefly, to help you with specific preventative measures in protecting your assets. In addition, find a local cybersecurity insurance broker or agent to help you find the best policy for your needs.

If you are not a Firefly MSP client currently but you’d like to explore how the Firefly team can help protect your business against cybercrimes, schedule time today when it is most convenient for you.

If you would like to learn more about Joseph Brunsman and the wealth of information he provides related to cybersecurity, check out his YouTube channel here. His latest book, Damage Control: Cyber Insurance and Compliance is available free at

Adam Jones